Saturday, November 19, 2016

The 12 Online Scams of Christmas

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC


On the first day of Christmas my scammer cheated me with a $300 Fee.

As we approach the holidays, more and more scams emerge in person, through snail mail and online. For as long as people continue to fall for their scams, the perpetrators will continue to set their traps to take advantage of the uninformed.

On the second day of Christmas my scammer cheated me with Fraudulent Support and a $300 fee.
One of the most common online scams to which we see people fall victim is fraudulent support. These scammers will trick you into thinking there is something wrong with your computer and then attempt to gain remote access to your system. This type of scam can happen if you receive a phone call, if you call a technical support number without realizing the number belongs to a criminal organization (there are a growing number of these imposters), or if you get some sort of notification on your computer screen that suggests you call some phone number. As a rule, do not let anyone remote into your computer unless you have a personal relationship with them. Do not enter any codes into your computer at the behest of anyone you do not know.


On the third day of Christmas my scammer cheated me with Fake FedEx Tracking, Fraudulent support and a $300 fee.
Shipping carriers like FedEx, UPS and USPS report a 15%-20% increase in the number of packages that are sent during the holiday season.  The bad guys take advantage of this by sending out emails which mimic these carriers and try to trick you into clicking on links or attachments to find out the status of a late or missing "shipment".  These scams are quite effective because they place pressure on the emotions and curiosity of the recipient.

On the fourth day of Christmas my scammer cheated me with Key Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Key loggers are tiny programs that can be installed on your system without your knowledge. They are designed to record keystrokes as you type on your keyboard and then send this information to an anxious criminal just waiting to get your logins, passwords, credit card numbers, etc. A good malware and rootkit scanner can help keep this type of threat off your system. In addition, we recommend you implement safe computing practices to help avoid contracting these sorts of infections in the first place.

On the fifth day of Christmas my scammer cheated me with Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Thieves will stop at nothing to steal something of value, and what better way than to mislead you into believing there is a virus or some other threat on your computer? For a fee, you can buy the necessary software to clean up your system… however, the software is actually malicious in nature. Question any program that states it can fix all your computer's problems. There are way too many "snake-oil" programs out there that will actually do more harm than good to your computer.


On the sixth day of Christmas my scammer cheated me with Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Your printer doesn’t work. You do a web search for “printer support” or you might even add the manufacturer’s name to your query. Up pops a whole list of sites to choose from, each claiming to offer help for your printer. Many of these support sites can pose as the official manufacturer’s web site. And these “Look-A-Like” sites usually provide a toll-free number to call, which can also add to the deception. Needless to say, this “Look-A-Like” site belongs to a scammer.

On the seventh day of Christmas my scammer cheated me with Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Social Engineering is the psychological manipulation of people in order to trick them into performing actions or divulging confidential information. It relies on human interaction; however, when mixed with technology, it can become even easier to pull off. These con artists can take advantage of people who may not be familiar with the specific ins-and-outs of technology; and let’s be honest, considering how fast technology is moving, it can be a bit confusing sometimes. Remember that if it sounds too good to be true or if it seems suspicious, stop and ask someone else before proceeding. It could save you a lot of trouble and money in the long run.

On the eighth day of Christmas my scammer cheated me with Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Personally, I believe that there is a special place in Hades for the people behind today's Ransomware. Get infected with this and watch all your files become instantly inaccessible with military-grade encryption. At this point, even the use of a supercomputer running for a decade cannot decrypt your files. The data kidnapper then simply provides a ransom note demanding hundreds or even thousands of dollars before providing you with the decryption key. Your best bet is to keep your data backed up and disconnect your external drive when it is not in use.

On the ninth day of Christmas my scammer cheated me with Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Malvertising occurs when crooks hide exploits and malware inside of legitimate-looking ads that can be submitted to major online advertising networks. Malvertising can be in the form of pop-ups, drive-by downloads, embedded content, etc. We've seen a growing number of malvertising results with clients who are using web sites with rotational ads delivered by companies like Ad Choices. We highly recommend either using a script blocker or an ad blocker to avoid the pitfalls associated with these ad networks that do not properly vet their advertisers.

On the tenth day of Christmas my scammer cheated me with Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Phishing scams imitate popular social web sites, auction sites, banks or other financial institutions, claiming that the user needs to verify their username and password. The scam attempts to capture your credentials or other identifying information. These emails and their related web sites look and feel almost identical to the legitimate entity, which is why it is such a successful con. Always question any emails that ask for identifying information. Legitimate companies do not ask for account information via e-mail.

On the eleventh day of Christmas my scammer cheated me with Intimidating Scareware, Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Common types of scareware can imitate notices from such government agencies as the FBI, CIA, Department of Justice, etc. Traditional scams of this type have claimed that the user has downloaded illegal materials and that, to avoid jail time, the user should pay “fines” via Bitcoin. Bitcoin is a form of electronic currency that keeps the receiving party anonymous, which works out perfectly for these cybercriminals.

On the twelfth day of Christmas my scammer cheated me with Scripts That Attack My Browser, Intimidating Scareware, Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support, and a $300 fee.
Although the majority of web developers use scripting languages for good, unfortunately there are some developers who take advantage of script capabilities and use them for evil purposes. Script attacks are the number one way to get infected just by visiting web sites. A script blocker is a primary component of safe computing practices.
